﻿using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Data.OleDb;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;

namespace skvote
{
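    /// <summary>
    /// Code-behind for the administrator sign-in page. Handles the
    /// <c>?XHType=logout</c> action on load and the login button postback.
    /// </summary>
    public partial class _Default : System.Web.UI.Page
    {
        // NOTE(review): one connection is created for every page instance, and login_Click
        // runs ExecuteReader without calling Open(), so CreateConnection() presumably hands
        // back an already-open connection. Only login_Click closes it; confirm that requests
        // which never reach login_Click do not leave it open.
        private OleDbConnection connection = new conn().CreateConnection();

        /// <summary>
        /// Signs the visitor out when the query string carries <c>XHType=logout</c>,
        /// then sends them back to the login page.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (Request.QueryString["XHType"] == "logout")
            {
                // Both markers are blanked rather than removed.
                // NOTE(review): Session.Abandon() would also drop the session itself, but other
                // pages may read Session["admin"] as a string - confirm before changing.
                Session["code"] = "";
                Session["admin"] = "";
                Response.Redirect("login.aspx");
            }
        }

        /// <summary>
        /// Validates the captcha, then the submitted credentials against XH_Config, and on
        /// success stores the account name in <c>Session["admin"]</c> and redirects to the
        /// admin index.
        /// </summary>
        /// <remarks>
        /// Security notes for maintainers:
        /// the captcha is checked first and consumed on every attempt, so it gates each
        /// credential check instead of being evaluated only after a correct password;
        /// the user lookup is parameterized; any unexpected failure leaves
        /// <c>Session["admin"]</c> untouched (fail closed).
        /// NOTE(review): passwords are compared as unsalted MD5 produced by the obsolete
        /// HashPasswordForStoringInConfigFile. Left unchanged because the stored values in
        /// XH_Config use that format; moving to a salted, slow hash needs a data migration.
        /// NOTE(review): an unknown user name produces no message while a wrong password
        /// does, which lets a caller tell valid account names apart; consider one generic
        /// failure message. The session id is also not rotated at sign-in.
        /// </remarks>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void login_Click(object sender, EventArgs e)
        {
            try
            {
                string code = Request["yz"];

                // Take the issued captcha out of the session before comparing, so one solved
                // captcha cannot be replayed across many attempts. A missing or empty value
                // (logout stores "") never matches, which also closes the case where an empty
                // submission equalled the blanked session value.
                object issued = Session["code"];
                string expectedCode = issued == null ? "" : issued.ToString();
                Session["code"] = "";
                if (code == null || expectedCode.Length == 0 || expectedCode != code.Trim().ToUpper())
                {
                    RejectLogin("验证码错误");
                    return;
                }

                string username = function.nohtml(Request["username"]);
                string password = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(function.nohtml(Request["password"]), "md5").Trim();

                // The user name travels as a bound parameter, never as part of the SQL text.
                // OleDb binds parameters by position; the name below is only a label.
                using (OleDbCommand cmd = new OleDbCommand("SELECT username,[password] FROM XH_Config where username=?", connection))
                {
                    cmd.Parameters.Add("@username", OleDbType.VarWChar).Value = (object)username ?? DBNull.Value;

                    using (OleDbDataReader reader = cmd.ExecuteReader())
                    {
                        if (!reader.Read())
                        {
                            // No such account: as before, the page simply re-renders.
                            return;
                        }

                        string storedName = reader.GetString(0).Trim();
                        string storedHash = reader.GetString(1).Trim();

                        // Exact comparison in code; rejects a name that the database matched
                        // but that is not identical to the stored value.
                        if (username != storedName)
                        {
                            RejectLogin("用户名错误");
                            return;
                        }

                        if (password != storedHash)
                        {
                            RejectLogin("密码错误");
                            return;
                        }

                        Session["admin"] = storedName;
                        Response.Redirect("admin_index.aspx");
                    }
                }
            }
            catch (System.Threading.ThreadAbortException)
            {
                // Response.End and Response.Redirect finish the request by aborting the
                // thread; that is the normal exit path here, not a failure.
                throw;
            }
            catch (Exception ex)
            {
                // Fail closed: nothing above has set Session["admin"]. Record the failure for
                // operators instead of discarding it, and do not echo details to the browser.
                System.Diagnostics.Trace.TraceError("login_Click failed: " + ex);
            }
            finally
            {
                connection.Close();
            }
        }

        /// <summary>
        /// Shows an alert, sends the browser back to login.aspx and ends the response.
        /// </summary>
        /// <param name="message">
        /// Fixed text for the alert. It is written into a script block unescaped, so it must
        /// only ever be a constant from this class, never request data.
        /// </param>
        private void RejectLogin(string message)
        {
            Response.Write("<script language='javascript' type='text/javascript'>alert('" + message + "');location.href='login.aspx';</script>");
            Response.End();
        }
    }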
}
